White Paper

Data Protection in India

13-Jan-2020

Data is a critical asset that holds the key to unlocking empowerment, progress and innovation in economies worldwide. To unleash its potential, organizations need to inspire confidence in their ability to keep data safe and secure. In the wake of the global threats to data protection, landmark legislations including European Union’s Global Data Protection Regulation and Right to Privacy by Supreme Court of India caught the imagination of Indian lawmakers

An expert committee constituted under the chairmanship of Justice B.N. Srikrishna was tasked to draft a comprehensive data protection law for the nation. On 27th July 2018, this Expert Committee published its report along with the Personal Data Protection Bill 2018.

Closely modelled on GDPR, the PDP is built on the solid principles of user consent, purpose limitation, collection limitation, authorized basis for processing, right to access & correct personal data, right to delete erroneous data (including profiling) and data portability. Once implemented, the Bill will require enterprises to incorporate “privacy by design” as its core management principle and revisit information technology infrastructure & policies to comply with requirements.

By simplifying the rights of data principals and obligations of data fiduciaries & data processors mandated in the Bill, this white paper discusses the implications of this new data protection regime for the industry and provides a road ahead for compliance.